I thought to use the momentum around secure boot within Debian [2] for supporting it within win32-loader as well.
The basic idea is to replicate the following commands in win32-loader: $ # Copy /usr/lib/shim/shimx64.efi.signed from shim-signed package to $ # /boot/efi/EFI/debian/shimx64.efi$ sudo efibootmgr --create --label 'Debian GNU/Linux - Continue with install process' --loader '\EFI\debian\shimx64.efi'
... Boot0009* Debian GNU/Linux - Continue with install process ... $ sudo efibootmgr --bootnext 0009I have not yet investigated how ipxe.efi from the ipxe package could be chainloaded from either shim or grub2.
[2] <https://bits.debian.org/2019/02/testing-initial-secure-boot-support.html>
-------- Original Message --------
Le mardi, 15 janvier 2019, 17.39:00 h CET Bernhard Übelacker a écrit :If such a system is detected, maybe a warning could be added?Sure. I suggest this would be done very early, but have no clue how to detect such a system. This would also make sense in time for buster. Could you work on a patch? Thomas; an idea?A short search led to function kernel32!GetFirmwareType [1]. That is said to be supported since windows 8. This function is already used in include/bootcfg.nsh, but can not see any user, maybe just a preparation for future use ... Kind regards, Bernhard [1] https://docs.microsoft.com/en-us/windows/desktop/api/winbase/nf-winbase-getfirmwaretype